Conventionally, distribution of various software such as game programs, audio data and image data (hereinafter referred to as contents) via a network such as the Internet or distributable storage media such as DVDs and CDs has been popularized. These distributed contents are used by receiving the data or loading the storage media to reproduce the data at a PC (personal computer) or a game machine owned by a user, or by storing the data to a recording device within a recording/reproducing equipment appended to a PC or the like, such as a memory card or a hard disk, and newly reproducing the data from the storage medium.
An information equipment such as a video game machine or PC has an interface for receiving a distributed content or accessing a DVD or CD. The information equipment also has control means necessary for reproducing the content, and a RAM and a ROM used as memory areas for programs and data.
Various contents such as music data, image data or programs are accessed from a storage medium in accordance with a user's instruction from an information equipment body such as a game machine or PC used as a reproducing equipment, or in accordance with a user's instruction through input means connected thereto. Alternatively, these contents are reproduced through a connected display or speaker.
In general, with respect to many software contents such as game programs, music data and image data, the producers and sellers own the distribution rights. Therefore, in distributing these contents, a predetermined limitation of use is provided. That is, a system in consideration of security is employed in which only an authorized user is permitted to use the software while unauthorized copying is prevented.
One technique to realize the limitation of use by users is encryption processing of distributed contents. For example, various contents such as encrypted audio data, image data and game programs are distributed via the Internet or the like, and means for decrypting the distributed encrypted contents, that is, a decryption key, is provided only to a person who has been confirmed as an authorized user.
The encrypted data can be transformed back to usable decrypted data (plaintext) by decryption processing through a predetermined procedure. Such a data encryption and decryption method has been conventionally well known, in which an encryption key is used for information encryption processing while a decryption key is used for decryption processing.
There are various types of modes for the data encryption and decryption method using the encryption and decryption keys. One example thereof is a so-called common key encryption system. The common key encryption system is adapted for setting a common key as an encryption key used for data encryption processing and as a decryption key used for decryption of data and providing the common key used for the encryption processing and decryption to an authorized user, thereby eliminating data access by invalid users who have no key. A typical example of this system is DES (data encryption standard).
The encryption and decryption keys used for the above-described encryption processing and decryption can be acquired by applying a unidirectional function such as a hash function, for example, on the basis of a certain password or the like. A unidirectional function is a function such that it is very difficult to retroactively find an input from its output. For example, a unidirectional function is applied where a password decided by a user is an input, and encryption and decryption keys are generated on the basis of its output. It is practically impossible to retroactively find the password, which is the original data, from the encryption and decryption keys generated in the above-described manner.
A system in which different algorithms are used in the processing based on the encryption key for encryption and the processing based on the decryption key for decryption is a so-called public key encryption system. The public key encryption system is a technique in which unspecified users use an available public key. A text to be encrypted, addressed to a specified individual, is encrypted by using a public key issued by the specified individual. The text encrypted by using the public key can be decrypted only by using a private key corresponding to the public key used in the encryption processing. Since the private key is owned only by the individual who issued the public key, the text encrypted by using the public key can be decrypted only by the individual who has the private key. A typical example of the public key encryption system is the RSA (Rivest-Shamir-Adleman) scheme. By utilizing such an encryption system, it is possible to provide a system in which encrypted contents can be decrypted only by an authorized user.
In the content distribution system as described above, a method is often employed in which a content is encrypted and provided through a network or stored onto a recording medium such as a DVD or CD, which is then provided, and then a content key for decrypting the encrypted content is provided only a valid user. It has been proposed to encrypt the content key itself and provide the encrypted content key in order to prevent invalid copying of the content key so that the encrypted content key can be decrypted and made usable by using a decryption key which is owned only by the valid user.
Whether a user is a valid user or not is determined by executing authentication processing before the distribution of a content or content key, generally between a content provider as a transmitter of the content and a user device, or between user devices which transmit and receive the content.
However, in a certain case, for example, the private key of a user's device might be revealed, and an invalid user device might receive a content, storing that private key and pretending to be the invalid device. To cope with such a case, a key control center distributes a revocation list called invalid device list or blacklist containing IDs of invalid devices, to valid devices, and the valid devices use the revocation list to confirm whether ID of a communicating party is included in the list or not.
The revocation list is prepared by listing IDs of invalid devices and appending the signature of the key issuing center for preventing falsification. The revocation list is called CRL (certification revocation list), which is sequentially updated and distributed to the valid devices every time a new invalid device is generated. However, as the number of invalid devices increases, the number of IDs of the invalid devices recorded in the revocation list simply increases. Therefore, the size (data volume) of the list expands and the burden of distribution of the list data becomes heavier. Moreover, storing and saving the list in the valid devices as the destinations of distribution will be a burden on the storage space.